YouTrack Standalone 2017.4 Help

Keymap:

Configure SSL Connector for Embedded YouTrack Server

The most straightforward way to set up a secure connection for a YouTrack instance is to install an SSL-terminating reverse proxy server in front of YouTrack. Alternatively, you can enable SSL on the YouTrack's embedded Jetty server with a Jetty configuration file.

To make YouTrack use the external XML configuration, point to the Jetty configuration file in the command that you use to start the service. For example:

The following sample jetty.xml file shows how to reference a single SSL connector:

<?xml version="1.0"?><!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_9_0.dtd"><Configureid="Server"class="org.eclipse.jetty.server.Server"><!--Feel free to add other connectors, if necessary--><Callid="sslConnector"name="addConnector"><Arg><Newclass="org.eclipse.jetty.server.ServerConnector"><Argname="server"><Refrefid="Server"/></Arg><Argname="factories"><Arraytype="org.eclipse.jetty.server.ConnectionFactory"><Item><Newclass="org.eclipse.jetty.server.SslConnectionFactory"><Argname="next">http/1.1</Arg><Argname="sslContextFactory"><Newid="sslContextFactory"class="org.eclipse.jetty.util.ssl.SslContextFactory"><Setname="KeyStorePath">/home/.youtrack/keystore</Set><Setname="KeyStorePassword">password</Set><Setname="KeyManagerPassword">password</Set><Setname="TrustStorePath">/home/.youtrack/truststore</Set><Setname="TrustStorePassword">trustPassword</Set><Setname="NeedClientAuth">false</Set><Setname="WantClientAuth">false</Set></New></Arg></New></Item><Item><Newclass="org.eclipse.jetty.server.HttpConnectionFactory"><Argname="config"><Newid="httpsConfig"class="org.eclipse.jetty.server.HttpConfiguration"><Setname="secureScheme">https</Set><Setname="securePort">8443</Set><Setname="sendServerVersion">false</Set><Callname="addCustomizer"><Arg><Newclass="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg></Call></New></Arg></New></Item></Array></Arg><Setname="port">8443</Set><Setname="idleTimeout">30000</Set></New></Arg></Call></Configure>

Set the values for the following parameters to match your YouTrack installation:

Parameter

Value

/home/.youtrack/keystore

The location of your Java keystore file (JKS) and server key. A key with the alias jetty is used by default. If you don't know where to get a Java keystore, take a look at the instructions for SSL and TLS configuration in the Jetty documentation.